From 1155be45304ca24eb24850a3341b6d33729c5fe9 Mon Sep 17 00:00:00 2001
From: Adria Navarro <adria@budibase.com>
Date: Thu, 17 Oct 2024 11:52:03 +0200
Subject: [PATCH] Fix

---
 packages/backend-core/src/security/roles.ts | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/packages/backend-core/src/security/roles.ts b/packages/backend-core/src/security/roles.ts
index ea4cb1b38a..cd9217d600 100644
--- a/packages/backend-core/src/security/roles.ts
+++ b/packages/backend-core/src/security/roles.ts
@@ -336,7 +336,7 @@ export async function getAllRoles(appId?: string): Promise<RoleDoc[]> {
     // exclude internal roles like builder
     let externalBuiltinRoles = []
 
-    if (db && !(await shouldIncludePowerRole(db))) {
+    if (!db || (await shouldIncludePowerRole(db))) {
       externalBuiltinRoles = [
         BUILTIN_IDS.ADMIN,
         BUILTIN_IDS.POWER,
@@ -386,11 +386,13 @@ export async function getAllRoles(appId?: string): Promise<RoleDoc[]> {
 async function shouldIncludePowerRole(db: Database) {
   const app = await db.get<App>(DocumentType.APP_METADATA)
   const { creationVersion } = app
-  if (semver.gte(creationVersion || "", "3.0.0")) {
+  if (!creationVersion) {
+    // Old apps don't have creationVersion, so we should include it for backward compatibility
     return true
   }
 
-  return false
+  const isGreaterThan3x = semver.gte(creationVersion, "3.0.0")
+  return !isGreaterThan3x
 }
 
 export class AccessController {